Trojan.Fakealert Found by MBAM

beerman

Posted 25 July 2013 - 01:05 PM

Hello GTG!

This computer has been running poorly for the past few days. Very sluggish. After several attempts to figure out what was going on I ran an MBAM scan since it was already installed on this computer. It reported and cleaned what it called Trojan.Fakealert in two places. Not sure if this is sufficient as it still seems a bit slow.

Anyway, here are the OTL logs, as well as the MBAM log from the prior run. Hope you can help.

RKinner

Posted 26 July 2013 - 12:33 AM

Feel free to post the logs as you get them rather than waiting until you have them all.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

beerman

Posted 26 July 2013 - 11:28 AM

Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/07/2013 1:28:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/07/2013 12:11:19 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DAYTON\bcrothers registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

RKinner

Posted 26 July 2013 - 01:38 PM

None of the logs showed any real problems. Expect it was the defrag that really helped. Defrag is something that is automatically done periodically by Vista and Win 7 but needs to be done manually for XP. If you had a high percentage of fragmentation that can really slow it down. I'd say you should check it at least once a month to see if it needs it.